Rather busy so only a brief response.
The range of penalties available would normally fit both the type and scale
of any agreed misdeed. A fine of 10-20,000 or even 200,000 is likely to
continue to be viewed as an acceptable business expense in many
circumstances. Ask the question - would the outcome of the Goldfish credit
card business set up using a utility companies customer data in breach of
the DPA and initially returning many millions of pounds worth of revenue
have been curtailed by a 20,000 fine? Then ask the question would a
potential prison term for management have provided a different level of
deterrence?
Considering deterrence mechanisms which utilise those coercive approaches
whilst viewing that area using a wide privacy definition and:-
• the pressures applied by businesses utilising enforced subject access;
• the creation of the CRB;
• more recently the seeming legal normalisation of the SAR enforcement
abuses by the ICO's decisions and statements to certain sectors.
All of those appear most inappropriate when the individuals concerned
themselves are unable to as easily demand or find out details of the various
tribunal/court decisions which may have been found against any organisation
they are potentially joining and which may be pertinent to their decisions
to proceed with an employment application.
A requirement for organisations to disclose all tribunal
findings/convictions to any person who they require to be vetted or enforce
subject access against, or when an employment application is sent out,
provides an apparently equally appropriate level of information to the
individuals decision process regarding how they may fit within any
particular organisational culture. At the same time that would provide a
process which created mechanisms similar to those apparently used at an
individual level for organisations, focusing attention on the proven
misdeeds of the organisation and allowing some informed questioning if
necessary. Provided enforced SAR is as effective at the individual level as
the demands seem to indicate the opposite should be likewise effective at
the organisational level.
Ian
> -----Original Message-----
> From: This list is for those interested in Data Protection
> issues [mailto:[log in to unmask]] On Behalf Of Tim Turner
> Sent: 26 July 2006 08:53
> To: [log in to unmask]
> Subject: Penalties for DP offences - Consultation
>
>
> Apologies if this has already been picked up.
>
> The Department of Constitutional Affairs is running a
> consultation on the penalties of misuse of data - the
> suggestion is to increase them from fines to the possibility
> of prison sentences. The document was published on Monday, I
> think. If you would like the chance to have your say, go to
> the following website:
>
> http://www.dca.gov.uk/consult/misuse_data/cp0906.htm
> <http://www.dca.gov.uk/consult/misuse_data/cp0906.htm>
>
> The point has been made by others (I read the argument on the
> Spy Blog -http://www.spy.org.uk/spyblog/
> <http://www.spy.org.uk/spyblog/> - which is full of Data
> Protection and surveillance stories if you haven't seen it),
> but an increase in penalties is only interesting if the
> penalties are applied. After all, the job of every DP officer
> would be made that little bit easier if the worst DP
> offenders actually ended up doing some time. But Data
> Protection has hardly been over-enforced since its
> introduction, so perhaps one of the things the DCA should
> introduce if they decide to increase the penalties is some
> obligation to apply them.
>
> Tim Turner
> Data Protection / FOI Officer
> Legal and Property Services
> Wigan Council
--
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.1.394 / Virus Database: 268.10.4/399 - Release Date: 7/25/06
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving message please send to the list owner
[log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|